PERFORCE change 63543 for review
Robert Watson
rwatson at FreeBSD.org
Fri Oct 22 22:07:05 GMT 2004
http://perforce.freebsd.org/chv.cgi?CH=63543
Change 63543 by rwatson at rwatson_tislabs on 2004/10/22 22:06:20
Some cleanup for merge to CVS: formatting, layout, structure.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/sysv_ipc.c#11 edit
.. //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#26 edit
.. //depot/projects/trustedbsd/mac/sys/kern/sysv_sem.c#29 edit
.. //depot/projects/trustedbsd/mac/sys/kern/sysv_shm.c#26 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/sysv_ipc.c#11 (text+ko) ====
==== //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#26 (text+ko) ====
@@ -218,6 +218,9 @@
{
struct msqid_kernel *msqkptr;
int msqid;
+#ifdef MAC
+ int i;
+#endif
/*
* Make sure that the msgunload maintains the consistency of the
@@ -240,11 +243,8 @@
#ifdef MAC
- int i;
- /* Clean up the MAC label associated with the msg objects. */
for (i = 0; i < msginfo.msgtql; i++)
mac_destroy_sysv_msgmsg(&msghdrs[i]);
- /* Clean up the MAC label associated with the msq objects. */
for (msqid = 0; msqid < msginfo.msgmni; msqid++)
mac_destroy_sysv_msgqueue(&msqids[msqid]);
#endif
@@ -346,7 +346,6 @@
msghdr->msg_next = free_msghdrs;
free_msghdrs = msghdr;
#ifdef MAC
- /* XXX: Reset the MAC label */
mac_cleanup_sysv_msgmsg(msghdr);
#endif
}
@@ -403,9 +402,9 @@
goto done2;
}
#ifdef MAC
- if ((error = mac_check_sysv_msqctl(td->td_ucred,msqkptr,cmd))) {
- MPRINTF((
- "MAC Framework: mac_check_sysv_msqctl permission denied!\n"));
+ error = mac_check_sysv_msqctl(td->td_ucred, msqkptr, cmd);
+ if (error != 0) {
+ MPRINTF(("mac_check_sysv_msqctl returned %d\n", error));
goto done2;
}
#endif
@@ -431,16 +430,14 @@
* thread cannot free a certain msghdr. The msq will get
* into an inconsistent state.
*/
- msghdr = msqkptr->u.msg_first;
- while (msghdr != NULL) {
- if ((error = mac_check_sysv_msgrmid(td->td_ucred,
- msghdr))) {
- MPRINTF(
- "MAC Framework: mac_check_sysv_msgrmid permission denied\n");
- /* XXX wakeup(msqkptr); ??? */
+ for (msghdr = msqkptr->u.msg_first; msghdr != NULL;
+ msghdr = msghdr->msg_next) {
+ error = mac_check_sysv_msgrmid(td->td_ucred, msghdr);
+ if (error != 0) {
+ MPRINTF(("mac_check_sysv_msgrmid returned %d\n",
+ error));
goto done2;
}
- msghdr = msghdr->msg_next;
}
#endif
@@ -465,7 +462,6 @@
msqkptr->u.msg_qbytes = 0; /* Mark it as free */
#ifdef MAC
- /* XXX: Reset the MAC label */
mac_cleanup_sysv_msgqueue(msqkptr);
#endif
@@ -570,9 +566,10 @@
goto done2;
}
#ifdef MAC
- if ((error = mac_check_sysv_msqget(cred, msqkptr))) {
- MPRINTF(
- "MAC Framework: mac_check_sysv_msqget access denied\n");
+ error = mac_check_sysv_msqget(cred, msqkptr);
+ if (error != 0) {
+ MPRINTF(("mac_check_sysv_msqget returned %d\n",
+ error);
goto done2;
}
#endif
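Review bot: The converted `MPRINTF((` call in this hunk is missing its second closing parenthesis: `MPRINTF(("mac_check_sysv_msqget returned %d\n", error);` opens two and closes one, so the macro argument runs on into the code that follows and a kernel built with MAC should fail to compile here. The call should end `error));`, as the other converted call sites in this change do. The same unbalanced call appears in the mac_check_sysv_semget hunk of sysv_sem.c and in the mac_check_sysv_shmat and first mac_check_sysv_shmctl hunks of sysv_shm.c. Because these lines sit under `#ifdef MAC`, a build without that option will not catch it.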
@@ -694,13 +691,9 @@
}
#ifdef MAC
- /*
- * Make sure that the thread has access rights to the message
- * queue.
- */
- if ((error = mac_check_sysv_msqsnd(td->td_ucred, msqkptr))) {
- MPRINTF((
-"MAC Framework: mac_check_sysv_msqsnd permission denied\n"));
+ error = mac_check_sysv_msqsnd(td->td_ucred, msqkptr);
+ if (error != 0) {
+ MPRINTF(("mac_check_sysv_msqsnd returned %d\n", error));
goto done2;
}
#endif
@@ -819,12 +812,12 @@
msghdr->msg_spot = -1;
msghdr->msg_ts = msgsz;
#ifdef MAC
- mac_create_sysv_msgmsg(td->td_ucred, msqkptr, msghdr);
/*
- * XXX: Should the mac_check_sysv_msgmsq check follow here
+ * XXXMAC: Should the mac_check_sysv_msgmsq check follow here
* immediately? Or, should it be checked just before the msg is
* enqueued in the msgq (as it is done now)?
*/
+ mac_create_sysv_msgmsg(td->td_ucred, msqkptr, msghdr);
#endif
/*
@@ -930,31 +923,30 @@
goto done2;
}
- /*
- * Put the message into the queue
- */
-
#ifdef MAC
/*
* Note: Since the task/thread allocates the msghdr and usually
- * primes it with its own MAC label,for a majority of policies, it
+ * primes it with its own MAC label, for a majority of policies, it
* won't be necessary to check whether the msghdr has access
- * permissions to the msgq. The mac_check_sysv_msqsnd check would
+ * permissions to the msgq. The mac_check_sysv_msqsnd check would
* suffice in that case. However, this hook may be required where
* individual policies derive a non-identical label for the msghdr
* from the current thread label and may want to check the msghdr
* enqueue permissions, along with read/write permissions to the
* msgq.
*/
- if ((error = mac_check_sysv_msgmsq(td->td_ucred,msghdr,msqkptr))) {
- MPRINTF((
- "MAC Framework: mac_check_sysv_msqmsq permission denied\n"));
+ error = mac_check_sysv_msgmsq(td->td_ucred, msghdr, msqkptr);
+ if (error != 0) {
+ MPRINTF(("mac_check_sysv_msqmsq returned %d\n", error));
msg_freehdr(msghdr);
wakeup(msqkptr);
goto done2;
}
#endif
+ /*
+ * Put the message into the queue
+ */
if (msqkptr->u.msg_first == NULL) {
msqkptr->u.msg_first = msghdr;
msqkptr->u.msg_last = msghdr;
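Review bot: The debug message on the denial path names `mac_check_sysv_msqmsq`, but the hook actually called one line above is `mac_check_sysv_msgmsq`. Anyone searching debug output for the real hook name will miss this line. It should read `MPRINTF(("mac_check_sysv_msgmsq returned %d\n", error));`. The enclosing function starts and ends outside this hunk.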
@@ -1038,12 +1030,9 @@
}
#ifdef MAC
- /*
- * Make sure that the thread has access rights to the message queue.
- */
- if ((error = mac_check_sysv_msqrcv(td->td_ucred, msqkptr))) {
- MPRINTF((
-"MAC Framework: mac_check_sysv_msqrcv permission denied\n"));
+ error = mac_check_sysv_msqrcv(td->td_ucred, msqkptr);
+ if (error != 0) {
+ MPRINTF(("mac_check_sysv_msqrcv returned %d\n", error));
goto done2;
}
#endif
@@ -1062,14 +1051,11 @@
goto done2;
}
#ifdef MAC
- /*
- * Make sure that the thread has access
- * rights to the message header.
- */
- if ((error = mac_check_sysv_msgrcv(td->td_ucred,
- msghdr))) {
- MPRINTF((
- "MAC Framework: mac_check_sysv_msgrcv permission denied\n"));
+ error = mac_check_sysv_msgrcv(td->td_ucred,
+ msghdr);
+ if (error != 0) {
+ MPRINTF(("mac_check_sysv_msgrcv "
+ "returned %d\n", error));
goto done2;
}
#endif
@@ -1113,16 +1099,12 @@
goto done2;
}
#ifdef MAC
- /*
- * Make sure that the thread has
- * access rights to the message
- * header.
- */
- if ((error =
- mac_check_sysv_msgrcv(td->td_ucred,
- msghdr))) {
- MPRINTF((
- "MAC Framework: mac_check_sysv_msgrcv permission denied\n"));
+ error = mac_check_sysv_msgrcv(
+ td->td_ucred, msghdr);
+ if (error != 0) {
+ MPRINTF(("mac_check_sysv_"
+ "msgrcv returned %d\n",
+ error));
goto done2;
}
#endif
==== //depot/projects/trustedbsd/mac/sys/kern/sysv_sem.c#29 (text+ko) ====
@@ -551,9 +551,9 @@
if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_R)))
goto done2;
#ifdef MAC
- if ((error = mac_check_sysv_semctl(cred, semakptr, cmd))) {
- MPRINTF((
- "MAC Framework: mac_check_sysv_semctl access denied\n"));
+ error = mac_check_sysv_semctl(cred, semakptr, cmd);
+ if (error != 0) {
+ MPRINTF(("mac_check_sysv_semctl returned %d\n", error));
goto done2;
}
#endif
@@ -574,9 +574,9 @@
sema_mtxp = &sema_mtx[semid];
#ifdef MAC
mtx_lock(sema_mtxp);
- if ((error = mac_check_sysv_semctl(cred, semakptr, cmd))) {
- MPRINTF((
- "MAC Framework: mac_check_sysv_semctl access denied\n"));
+ error = mac_check_sysv_semctl(cred, semakptr, cmd);
+ if (error != 0) {
+ MPRINTF(("mac_check_sysv_semctl returned %d\n", error));
goto done2;
}
mtx_unlock(sema_mtxp);
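Review bot: The denial path leaves through `goto done2` with `sema_mtxp` still held, while the success path releases it on the next line. That is only balanced if `done2` unlocks the mutex, and `done2` is outside this hunk. Since the lock is taken here only under `#ifdef MAC`, a short comment above `mtx_lock(sema_mtxp);` would help, for example `/* Hold the semaphore lock across the MAC check; done2 releases it on failure. */`, once that is confirmed against the label's code.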
@@ -838,10 +838,10 @@
goto done2;
}
#ifdef MAC
- if ((error = mac_check_sysv_semget(cred,
- &sema[semid]))) {
- MPRINTF((
- "MAC Framework: mac_check_sysv_semget access denied\n"));
+ error = mac_check_sysv_semget(cred, &sema[semid]);
+ if (error != 0) {
+ MPRINTF(("mac_check_sysv_semget returned %d\n",
+ error);
goto done2;
}
#endif
@@ -999,14 +999,9 @@
goto done2;
}
#ifdef MAC
- /*
- * The MAC hook checks whether the thread has read (and possibly
- * write) permissions to the semaphore array based on the
- * sopptr->sem_op value.
- */
- if ((error = mac_check_sysv_semop(td->td_ucred, semakptr, j))) {
- MPRINTF((
- "MAC Framework: mac_check_sysv_semop access denied\n"));
+ error = mac_check_sysv_semop(td->td_ucred, semakptr, j);
+ if (error != 0) {
+ MPRINTF(("mac_check_sysv_semop returned %d\n", error));
goto done2;
}
#endif
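Review bot: The third argument `j` passed to `mac_check_sysv_semop` is now unexplained in this hunk, because the change removes the only comment that said what it carries. The removed text stated that the hook checks read (and possibly write) permission on the semaphore array based on the `sopptr->sem_op` values. A one-line replacement such as `/* j holds the access (read, possibly write) implied by the sem_op values. */` would keep that contract visible next to the access-control decision. The computation of `j` is outside the hunk, so the wording should be checked against it.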
==== //depot/projects/trustedbsd/mac/sys/kern/sysv_shm.c#26 (text+ko) ====
@@ -221,7 +221,6 @@
shm_nused--;
shmseg->u.shm_perm.mode = SHMSEG_FREE;
#ifdef MAC
- /* Reset the MAC label */
mac_cleanup_sysv_shm(shmseg);
#endif
}
@@ -295,9 +294,9 @@
*/
struct shmid_kernel *shmsegptr;
shmsegptr = &shmsegs[IPCID_TO_IX(shmmap_s->shmid)];
- if ((error = mac_check_sysv_shmdt(td->td_ucred, shmsegptr))) {
- MPRINTF((
- "MAC Framework: mac_check_sysv_shmdt access denied\n"));
+ error = mac_check_sysv_shmdt(td->td_ucred, shmsegptr);
+ if (error != 0) {
+ MPRINTF(("mac_check_sysv_shmdt returned %d\n", error));
goto done2;
}
#endif
@@ -356,9 +355,9 @@
if (error)
goto done2;
#ifdef MAC
- if ((error = mac_check_sysv_shmat(td->td_ucred, shmseg, shmflg))) {
- MPRINTF((
- "MAC Framework: mac_check_sysv_shmat access denied\n"));
+ error = mac_check_sysv_shmat(td->td_ucred, shmseg, shmflg);
+ if (error != 0) {
+ MPRINTF(("mac_check_sysv_shmat returned %d\n", error);
goto done2;
}
#endif
@@ -476,9 +475,9 @@
if (error)
goto done2;
#ifdef MAC
- if ((error = mac_check_sysv_shmctl(td->td_ucred, shmseg, uap->cmd))) {
- MPRINTF((
- "MAC Framework: mac_check_sysv_shmctl access denied\n"));
+ error = mac_check_sysv_shmctl(td->td_ucred, shmseg, uap->cmd);
+ if (error != 0) {
+ MPRINTF(("mac_check_sysv_shmctl returned %d\n", error);
goto done2;
}
#endif
@@ -564,9 +563,9 @@
goto done2;
}
#ifdef MAC
- if ((error = mac_check_sysv_shmctl(td->td_ucred, shmseg, cmd))) {
- MPRINTF((
- "MAC Framework: mac_check_sysv_shmctl access denied\n"));
+ error = mac_check_sysv_shmctl(td->td_ucred, shmseg, cmd);
+ if (error != 0) {
+ MPRINTF(("mac_check_sysv_shmctl returned %d\n", error));
goto done2;
}
#endif
@@ -694,10 +693,9 @@
return (EEXIST);
error = ipcperm(td, &shmseg->u.shm_perm, mode);
#ifdef MAC
- if ((error = mac_check_sysv_shmget(td->td_ucred,shmseg,uap->shmflg))) {
- MPRINTF((
- "MAC Framework: mac_check_sysv_shmget access denied\n"));
- }
+ error = mac_check_sysv_shmget(td->td_ucred, shmseg, uap->shmflg);
+ if (error != 0)
+ MPRINTF(("mac_check_sysv_shmget returned %d\n", error));
#endif
if (error)
return (error);
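Review bot: The result of `ipcperm()` is overwritten by the assignment from `mac_check_sysv_shmget` two lines later. Under `#ifdef MAC`, a discretionary denial is therefore lost whenever the MAC hook returns 0, and the trailing `if (error) return (error);` then lets the request through. The MAC hook should run only after the DAC check has passed, for example `if (error == 0) error = mac_check_sysv_shmget(td->td_ucred, shmseg, uap->shmflg);`, or the `if (error) return (error);` test should be repeated before the `#ifdef MAC` block. The enclosing function starts before this hunk, so any earlier handling is not visible here.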